directhex/patch3-2.6.7.patch Secret

## patch3-2.6.7.patch
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs	2009-09-25 15:59:06.000000000 +0100
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs	2015-03-06 15:27:39.106561719 +0000
@@ -60,14 +60,14 @@
 			scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);

 			// Supported exportable ciphers
-			scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
-			scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
-			scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
-			scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
-			scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
 			// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
-			scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
-			scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);

 			// Default CipherSuite
 			// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
@@ -138,14 +138,14 @@
 			scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);

 			// Supported exportable ciphers
-			scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
-			scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
-			scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
-			scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
-			scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
 			// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
-			scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
-			scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);

 			// Default CipherSuite
 			// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs	2015-03-06 15:27:19.890562158 +0000
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs	2015-03-06 15:27:39.106561719 +0000
@@ -160,13 +160,6 @@
 					return new TlsServerCertificate(this.context, buffer);

 					// Optional
-				case HandshakeType.ServerKeyExchange:
-					// only for RSA_EXPORT
-					if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable)
-						return new TlsServerKeyExchange(this.context, buffer);
-					break;
-
-					// Optional
 				case HandshakeType.CertificateRequest:
 					if (last == HandshakeType.ServerKeyExchange || last == HandshakeType.Certificate)
 						return new TlsServerCertificateRequest(this.context, buffer);
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs	2009-09-25 15:59:06.000000000 +0100
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs	2015-03-06 15:27:39.106561719 +0000
@@ -190,59 +190,15 @@
 			this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
 			this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);

-			if (!this.IsExportable)
+			if (this.IvSize != 0)
 			{
-				if (this.IvSize != 0)
-				{
-					this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
-					this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
-				}
-				else
-				{
-					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-				}
+				this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+				this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
 			}
 			else
 			{
-				HashAlgorithm md5 = MD5.Create();
-
-				int keySize = (md5.HashSize >> 3); //in bytes not bits
-				byte[] temp = new byte [keySize];
-
-				// Generate final write keys
-				md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
-				md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
-				byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
-				Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
-
-				md5.Initialize();
-				md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
-				md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
-				byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
-				Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
-
-				this.Context.ClientWriteKey = finalClientWriteKey;
-				this.Context.ServerWriteKey = finalServerWriteKey;
-
-				// Generate IV keys
-				if (this.IvSize > 0)
-				{
-					md5.Initialize();
-					temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
-					this.Context.ClientWriteIV = new byte[this.IvSize];
-					Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
-
-					md5.Initialize();
-					temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
-					this.Context.ServerWriteIV = new byte[this.IvSize];
-					Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
-				}
-				else
-				{
-					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-				}
+				this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+				this.Context.ServerWriteIV = CipherSuite.EmptyArray;
 			}

 			DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs	2010-03-11 06:13:16.000000000 +0000
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs	2015-03-06 15:31:14.758556786 +0000
@@ -230,19 +230,11 @@
 			// Send ServerCertificate message
 			this.protocol.SendRecord(HandshakeType.Certificate);

-			// If the negotiated cipher is a KeyEx cipher send ServerKeyExchange
-			if (this.context.Negotiating.Cipher.IsExportable)
-			{
-				this.protocol.SendRecord(HandshakeType.ServerKeyExchange);
-			}
-
 			bool certRequested = false;

-			// If the negotiated cipher is a KeyEx cipher or
-			// the client certificate is required send the CertificateRequest message
-			if (this.context.Negotiating.Cipher.IsExportable ||
-				((ServerContext)this.context).ClientCertificateRequired ||
-				((ServerContext)this.context).RequestClientCertificate)
+			// If the client certificate is required send the CertificateRequest message
+			if (((ServerContext)this.context).ClientCertificateRequired ||
+ 				((ServerContext)this.context).RequestClientCertificate)
 			{
 				this.protocol.SendRecord(HandshakeType.CertificateRequest);
 				certRequested = true;
diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs	2009-09-25 15:59:06.000000000 +0100
+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs	2015-03-06 15:27:39.106561719 +0000
@@ -118,45 +118,15 @@
 			this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
 			this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);

-			if (!this.IsExportable)
+			if (this.IvSize != 0)
 			{
-				if (this.IvSize != 0)
-				{
-					this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
-					this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
-				}
-				else
-				{
-					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-				}
+				this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
+				this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
 			}
 			else
 			{
-				// Generate final write keys
-				byte[] finalClientWriteKey	= PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
-				byte[] finalServerWriteKey	= PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
-
-				this.Context.ClientWriteKey	= finalClientWriteKey;
-				this.Context.ServerWriteKey	= finalServerWriteKey;
-
-				if (this.IvSize > 0)
-				{
-					// Generate IV block
-					byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
-
-					// Generate IV keys
-					this.Context.ClientWriteIV = new byte[this.IvSize];
-					Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
-
-					this.Context.ServerWriteIV = new byte[this.IvSize];
-					Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
-				}
-				else
-				{
-					this.Context.ClientWriteIV = CipherSuite.EmptyArray;
-					this.Context.ServerWriteIV = CipherSuite.EmptyArray;
-				}
+				this.Context.ClientWriteIV = CipherSuite.EmptyArray;
+				this.Context.ServerWriteIV = CipherSuite.EmptyArray;
 			}

 			DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
	diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
	--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs 2009-09-25 15:59:06.000000000 +0100
	+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs 2015-03-06 15:27:39.106561719 +0000
	@@ -60,14 +60,14 @@
	scs.Add((0x00 << 0x08) \| 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);

	// Supported exportable ciphers
	- scs.Add((0x00 << 0x08) \| 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
	- scs.Add((0x00 << 0x08) \| 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
	- scs.Add((0x00 << 0x08) \| 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
	- scs.Add((0x00 << 0x08) \| 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
	- scs.Add((0x00 << 0x08) \| 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
	+ // scs.Add((0x00 << 0x08) \| 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
	+ // scs.Add((0x00 << 0x08) \| 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
	// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
	- scs.Add((0x00 << 0x08) \| 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
	- scs.Add((0x00 << 0x08) \| 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
	+ // scs.Add((0x00 << 0x08) \| 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);

	// Default CipherSuite
	// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
	@@ -138,14 +138,14 @@
	scs.Add((0x00 << 0x08) \| 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);

	// Supported exportable ciphers
	- scs.Add((0x00 << 0x08) \| 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
	- scs.Add((0x00 << 0x08) \| 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
	- scs.Add((0x00 << 0x08) \| 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
	- scs.Add((0x00 << 0x08) \| 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
	- scs.Add((0x00 << 0x08) \| 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
	+ // scs.Add((0x00 << 0x08) \| 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
	+ // scs.Add((0x00 << 0x08) \| 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
	// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
	- scs.Add((0x00 << 0x08) \| 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
	- scs.Add((0x00 << 0x08) \| 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
	+ // scs.Add((0x00 << 0x08) \| 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8);
	+ // scs.Add((0x00 << 0x08) \| 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);

	// Default CipherSuite
	// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
	diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
	--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs 2015-03-06 15:27:19.890562158 +0000
	+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs 2015-03-06 15:27:39.106561719 +0000
	@@ -160,13 +160,6 @@
	return new TlsServerCertificate(this.context, buffer);

	// Optional
	- case HandshakeType.ServerKeyExchange:
	- // only for RSA_EXPORT
	- if (last == HandshakeType.Certificate && context.Current.Cipher.IsExportable)
	- return new TlsServerKeyExchange(this.context, buffer);
	- break;
	-
	- // Optional
	case HandshakeType.CertificateRequest:
	if (last == HandshakeType.ServerKeyExchange \|\| last == HandshakeType.Certificate)
	return new TlsServerCertificateRequest(this.context, buffer);
	diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs
	--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs 2009-09-25 15:59:06.000000000 +0100
	+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs 2015-03-06 15:27:39.106561719 +0000
	@@ -190,59 +190,15 @@
	this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
	this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);

	- if (!this.IsExportable)
	+ if (this.IvSize != 0)
	{
	- if (this.IvSize != 0)
	- {
	- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
	- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
	- }
	- else
	- {
	- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
	- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
	- }
	+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
	+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
	}
	else
	{
	- HashAlgorithm md5 = MD5.Create();
	-
	- int keySize = (md5.HashSize >> 3); //in bytes not bits
	- byte[] temp = new byte [keySize];
	-
	- // Generate final write keys
	- md5.TransformBlock(this.Context.ClientWriteKey, 0, this.Context.ClientWriteKey.Length, temp, 0);
	- md5.TransformFinalBlock(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
	- byte[] finalClientWriteKey = new byte[this.ExpandedKeyMaterialSize];
	- Buffer.BlockCopy(md5.Hash, 0, finalClientWriteKey, 0, this.ExpandedKeyMaterialSize);
	-
	- md5.Initialize();
	- md5.TransformBlock(this.Context.ServerWriteKey, 0, this.Context.ServerWriteKey.Length, temp, 0);
	- md5.TransformFinalBlock(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
	- byte[] finalServerWriteKey = new byte[this.ExpandedKeyMaterialSize];
	- Buffer.BlockCopy(md5.Hash, 0, finalServerWriteKey, 0, this.ExpandedKeyMaterialSize);
	-
	- this.Context.ClientWriteKey = finalClientWriteKey;
	- this.Context.ServerWriteKey = finalServerWriteKey;
	-
	- // Generate IV keys
	- if (this.IvSize > 0)
	- {
	- md5.Initialize();
	- temp = md5.ComputeHash(this.Context.RandomCS, 0, this.Context.RandomCS.Length);
	- this.Context.ClientWriteIV = new byte[this.IvSize];
	- Buffer.BlockCopy(temp, 0, this.Context.ClientWriteIV, 0, this.IvSize);
	-
	- md5.Initialize();
	- temp = md5.ComputeHash(this.Context.RandomSC, 0, this.Context.RandomSC.Length);
	- this.Context.ServerWriteIV = new byte[this.IvSize];
	- Buffer.BlockCopy(temp, 0, this.Context.ServerWriteIV, 0, this.IvSize);
	- }
	- else
	- {
	- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
	- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
	- }
	+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;
	+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;
	}

	DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());
	diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
	--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs 2010-03-11 06:13:16.000000000 +0000
	+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs 2015-03-06 15:31:14.758556786 +0000
	@@ -230,19 +230,11 @@
	// Send ServerCertificate message
	this.protocol.SendRecord(HandshakeType.Certificate);

	- // If the negotiated cipher is a KeyEx cipher send ServerKeyExchange
	- if (this.context.Negotiating.Cipher.IsExportable)
	- {
	- this.protocol.SendRecord(HandshakeType.ServerKeyExchange);
	- }
	-
	bool certRequested = false;

	- // If the negotiated cipher is a KeyEx cipher or
	- // the client certificate is required send the CertificateRequest message
	- if (this.context.Negotiating.Cipher.IsExportable \|\|
	- ((ServerContext)this.context).ClientCertificateRequired \|\|
	- ((ServerContext)this.context).RequestClientCertificate)
	+ // If the client certificate is required send the CertificateRequest message
	+ if (((ServerContext)this.context).ClientCertificateRequired \|\|
	+ ((ServerContext)this.context).RequestClientCertificate)
	{
	this.protocol.SendRecord(HandshakeType.CertificateRequest);
	certRequested = true;
	diff -urNad mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs
	--- mono-2.6.7.orig/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs 2009-09-25 15:59:06.000000000 +0100
	+++ mono-2.6.7/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs 2015-03-06 15:27:39.106561719 +0000
	@@ -118,45 +118,15 @@
	this.Context.ClientWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);
	this.Context.ServerWriteKey = keyBlock.ReadBytes(this.KeyMaterialSize);

	- if (!this.IsExportable)
	+ if (this.IvSize != 0)
	{
	- if (this.IvSize != 0)
	- {
	- this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
	- this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
	- }
	- else
	- {
	- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
	- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
	- }
	+ this.Context.ClientWriteIV = keyBlock.ReadBytes(this.IvSize);
	+ this.Context.ServerWriteIV = keyBlock.ReadBytes(this.IvSize);
	}
	else
	{
	- // Generate final write keys
	- byte[] finalClientWriteKey = PRF(this.Context.ClientWriteKey, "client write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
	- byte[] finalServerWriteKey = PRF(this.Context.ServerWriteKey, "server write key", this.Context.RandomCS, this.ExpandedKeyMaterialSize);
	-
	- this.Context.ClientWriteKey = finalClientWriteKey;
	- this.Context.ServerWriteKey = finalServerWriteKey;
	-
	- if (this.IvSize > 0)
	- {
	- // Generate IV block
	- byte[] ivBlock = PRF(CipherSuite.EmptyArray, "IV block", this.Context.RandomCS, this.IvSize*2);
	-
	- // Generate IV keys
	- this.Context.ClientWriteIV = new byte[this.IvSize];
	- Buffer.BlockCopy(ivBlock, 0, this.Context.ClientWriteIV, 0, this.Context.ClientWriteIV.Length);
	-
	- this.Context.ServerWriteIV = new byte[this.IvSize];
	- Buffer.BlockCopy(ivBlock, this.IvSize, this.Context.ServerWriteIV, 0, this.Context.ServerWriteIV.Length);
	- }
	- else
	- {
	- this.Context.ClientWriteIV = CipherSuite.EmptyArray;
	- this.Context.ServerWriteIV = CipherSuite.EmptyArray;
	- }
	+ this.Context.ClientWriteIV = CipherSuite.EmptyArray;
	+ this.Context.ServerWriteIV = CipherSuite.EmptyArray;
	}

	DebugHelper.WriteLine(">>>> KeyBlock", keyBlock.ToArray());